Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2016-05-10 CVE-2016-4556 Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
network
low complexity
squid-cache oracle canonical
7.5
2016-05-10 CVE-2016-4555 Improper Input Validation vulnerability in multiple products
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
network
low complexity
squid-cache canonical oracle CWE-20
7.5
2016-05-10 CVE-2016-4554 Insufficient Verification of Data Authenticity vulnerability in multiple products
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
network
low complexity
oracle squid-cache canonical CWE-345
8.6
2016-05-10 CVE-2016-4553 Insufficient Verification of Data Authenticity vulnerability in multiple products
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
network
low complexity
canonical squid-cache oracle CWE-345
8.6
2016-05-09 CVE-2016-4476 Improper Input Validation vulnerability in multiple products
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
network
low complexity
w1-fi canonical CWE-20
7.5
2016-05-06 CVE-2015-8868 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
7.8
2016-05-05 CVE-2016-4008 Resource Management Errors vulnerability in multiple products
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
network
high complexity
canonical opensuse gnu fedoraproject CWE-399
5.9
2016-05-05 CVE-2016-3718 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
5.5
2016-05-05 CVE-2016-3717 Information Exposure vulnerability in multiple products
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
local
low complexity
canonical redhat imagemagick CWE-200
5.5
2016-05-05 CVE-2016-3716 Permissions, Privileges, and Access Controls vulnerability in multiple products
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
local
low complexity
canonical imagemagick redhat CWE-264
3.3